cisco & krb5

[Sam Hartman]

>>>>> "Mihai" == Mihai RUSU <dizzy at roedu.net> writes:

    Mihai> Hi I am testing cisco switch authentication configuration
    Mihai> with kerberos v5 server. I succeded in auth against
    Mihai> kerberos only if the server "key" is des-cbc-crc. If I have
    Mihai> a key both des-cbc-crc and des3-hmac-sha1 it doesnt seem to
    Mihai> work. I will investigate this also on the cisco side (if it
    Mihai> can be made to use des3-hmac-sha1 keys) but while Im doing
    Mihai> that I also wanted to know how can I add key entries to a
    Mihai> keytab file (which I send it to the cisco router for his
    Mihai> own auth) only of one key type ? If the generated key for a
    Mihai> principal is both des3-hmac-sha1 and des-cbc-crc it seems
    Mihai> that ktadd adds them both to the keytab file. I would need
    Mihai> a solution to add only des-cbc-crc or a solution to delete
    Mihai> one of the keys of the same principal in a keytab file.

Try
ktadd -e des-cbc-crc:normal principalname